Section 1: Fraud prevention

Question

1. My organisation has a Fraud Policy.
2. The Fraud Policy is communicated regularly (annually or biannually).
3. My organisation has a staff Code of Conduct.
4. The staff Code of Conduct is communicated regularly (annually or biannually).
5. My organisation has a clear policy on accepting gifts or services.
6. Receiving gifts, free or heavily discounted services or preferential treatment because of my role in my organisation is (You may choose more than one answer):
   • A normal and expected part of the job
   • Acceptable below a monetary limit
   • Acceptable in certain circumstances (please specify)
   • Must always be declared to my manager / on an internal register
   • Never acceptable
7. My organisation has designated a person who is responsible for fraud risks, including investigation.
8. I am confident that managers in my organisation understand their responsibilities for preventing and detecting the risks of fraud and corruption.
9. I am confident that other employees understand their responsibilities for preventing and detecting the risks of fraud and corruption.
10. My organisation reviews its fraud controls on a regular basis (annually or bi-annually).
11. My organisation takes a proactive approach to preventing fraud and corruption.
12. New employees at my organisation undergo pre-employment screening that includes criminal history checks.
13. I have had fraud awareness training at my current organisation.
14. The fraud awareness training that I received at my current organisation was:
    • In the last 6 months
    • In the last 12 months
    • In the last 24 months
    • Was over two years ago
15. My organisation carries out due diligence on new suppliers, including credit checks and checks for conflicts of interest.

Fraud prevention – the first line of defence

Combating fraud is everyone’s responsibility. Public sector leaders and senior managers are critical role models. It is important that they set the right tone at the top and ensure that all staff understand their fraud risks and that they know what to do when fraud is discovered.

Having a robust fraud control framework is critical to ensuring organisations provide adequate mitigation to minimise the risk of fraud occurring. The key components of a fraud prevention framework are outlined in Australia-New Zealand corporate governance standards specific to fraud and corruption (AS 8001-2003 & 8001-2008) in the form of prevention, detection and response mechanisms. Broadly, these mechanisms require:

• A clear and visible commitment from senior management towards fraud prevention and a zero tolerance to fraud.
• A sound policy framework and, underneath this, policies that provide clear and concise guidance to all staff on fraud and fraud-associated matters and outline clear roles and responsibilities for fraud prevention.
• Established and well-controlled processes and systems that reduce the risk of fraud occurring to a minimum. However, while an organisation will benefit from a suite of fraud prevention measures, no organisation will be able to mitigate their fraud risks to zero.
• Fraud specific procedures that allow for the identification, collation and reporting of instances of fraud and the ongoing monitoring of remedial actions arising from such instances.
• Fraud awareness-raising activities and training (in ethics or code of conduct, privacy principles, fraud control activities).

The framework in effect helps organisations document what the expected behaviours are, and how it will ensure appropriate behaviour on an on-going basis. Should staff and/or others deviate from what’s expected, then the organisation is clear on how it will respond. This clarifies, for those who commit fraud and those who want to report fraud, what to expect in relation to organisational response.

The survey indicates that New Zealand public sector entities show a high awareness of the risk of fraud.

Some organisations seemingly have mature and connected policies and approaches to mitigating the risk of fraud, and in the main these appear to be the bigger agencies. However, many organisations appear to take comfort from the fact that they have not suffered fraud in the recent past and there is some additional sense that small entities do not see the need for formal policies and frameworks, tending to rely on their smallness and notion of the “trusted employee” as mitigation against fraud. Many instances of internal fraud have been committed by trusted employees.

All organisations should have a Code of Conduct. It is often the one document that sets out both the expected behaviours and the consequences for misconduct. The Code of Conduct is often the hub for other relevant policies, e.g. fraud policy. A total of 91.6% of respondents said that their organisation had a Code of Conduct.  79% of respondents said that their organisation had a specific fraud policy. However, to be effective they need to be regularly communicated, and this is often where organisations can improve. Fewer respondents indicated that their fraud policy (64.3%) and Code of Conduct (69.7%) were communicated regularly.

Organisations are often reluctant to discuss the potential for fraud, generally because it’s not a “top-of-mind” risk until it occurs and sometimes because of its negative connotations. This may in some part explain a noticeable finding of the survey that 73.9% of respondents said that they had not received fraud awareness training at their current organisation. Of those who had received training, 16.5% had received training in the previous six months, 33.2% in the previous 12 months and, for a quarter of respondents, over two years ago.

Employees are an organisation’s greatest weapon in the prevention of fraud. A significant amount of fraud is not detected in the early stages because of the inability of the organisation’s staff to recognise early warning signs or because they were unsure how to report their suspicions.